Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/60E63D04171011EFA738EE2BC4F9AE02.roa
File:                     60E63D04171011EFA738EE2BC4F9AE02.roa (raw, json)
Hash identifier:          z7i+8JDtkwBXsJiBRuHLiPii7t2O94h0fmBQOSB0Z+4=
Subject key identifier:   D5:26:24:B4:FA:43:FF:52:65:BA:98:D0:04:08:26:6F:72:23:B5:BD
Certificate issuer:       /CN=A91E22E3/serialNumber=B78E7FE3CB2D4B5A1EB928A690BC6579DF881BE9
Certificate serial:       01A3
Authority key identifier: B7:8E:7F:E3:CB:2D:4B:5A:1E:B9:28:A6:90:BC:65:79:DF:88:1B:E9
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/t45_48stS1oeuSimkLxled-IG-k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/60E63D04171011EFA738EE2BC4F9AE02.roa
Signing time:             Mon 13 Jul 2026 23:56:36 +0000
ROA not before:           Mon 13 Jul 2026 23:56:36 +0000
ROA not after:            Wed 31 Mar 2027 00:00:00 +0000
asID:                     38495
IP address blocks:        166.65.11.0/24 maxlen: 24
                          166.65.16.0/20 maxlen: 20
                          166.65.176.0/22 maxlen: 22
                          166.65.180.0/22 maxlen: 22
                          166.65.180.0/23 maxlen: 23
                          166.65.182.0/23 maxlen: 23
                          166.65.184.0/21 maxlen: 21
                          166.65.184.0/22 maxlen: 22
                          166.65.188.0/22 maxlen: 22
                          166.65.192.0/21 maxlen: 21
                          166.65.192.0/22 maxlen: 22
                          166.65.196.0/22 maxlen: 22
                          166.65.200.0/21 maxlen: 21
                          166.65.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/t45_48stS1oeuSimkLxled-IG-k.crl
                          rsync://rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/t45_48stS1oeuSimkLxled-IG-k.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/t45_48stS1oeuSimkLxled-IG-k.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 05:21:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 419 (0x1a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E22E3, serialNumber=B78E7FE3CB2D4B5A1EB928A690BC6579DF881BE9
        Validity
            Not Before: Jul 13 23:56:36 2026 GMT
            Not After : Mar 31 00:00:00 2027 GMT
        Subject: CN=6a557b34-02d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:36:a9:6d:7b:a7:7d:3a:73:0a:d2:81:fa:5f:
                    aa:38:23:21:49:f6:c2:3e:e8:ec:ac:b4:9d:e9:ec:
                    0a:28:d5:4c:81:73:e3:96:9a:6f:46:ee:3b:de:82:
                    d5:f8:18:b6:90:1b:cb:ed:96:9c:1e:e6:31:b2:3b:
                    39:84:a8:59:60:63:d9:0d:65:77:77:f2:df:0e:c7:
                    68:f0:ed:d0:6f:15:68:c2:ba:47:df:52:49:d4:9b:
                    4a:7f:71:eb:87:dd:eb:09:08:d0:3c:3a:79:e9:51:
                    77:ea:13:8e:43:90:b1:fa:f8:be:c4:85:97:a6:bf:
                    f7:32:7b:03:e3:35:3b:22:6e:0c:c0:d0:74:00:65:
                    a1:c8:e3:60:1a:1a:43:c0:60:85:a8:e6:69:ee:0a:
                    ca:b8:8b:10:23:49:55:5b:0f:86:0c:be:8d:71:50:
                    c0:e5:19:2d:c0:bf:e3:a4:87:f8:1b:b6:ed:98:51:
                    b7:93:ee:e0:db:a3:47:39:ca:5a:a2:9f:59:6f:cd:
                    d0:55:4e:cd:06:4e:c7:e2:fa:4a:64:74:54:78:5a:
                    ac:96:10:3c:f5:d9:a6:84:15:5d:09:60:bb:7d:5a:
                    76:f2:b1:9a:ad:d7:0e:a4:ed:1e:3a:f4:38:73:44:
                    f8:c3:ba:53:b2:1e:05:a0:a2:e3:46:48:63:0c:13:
                    bb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:26:24:B4:FA:43:FF:52:65:BA:98:D0:04:08:26:6F:72:23:B5:BD
            X509v3 Authority Key Identifier:
                keyid:B7:8E:7F:E3:CB:2D:4B:5A:1E:B9:28:A6:90:BC:65:79:DF:88:1B:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/t45_48stS1oeuSimkLxled-IG-k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/t45_48stS1oeuSimkLxled-IG-k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E22E3/7AA8943E170C11EF94F17C14C4F9AE02/60E63D04171011EFA738EE2BC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.65.11.0/24
                  166.65.16.0/20
                  166.65.176.0-166.65.223.255

    Signature Algorithm: sha256WithRSAEncryption
         83:5a:39:ae:91:3e:e7:af:b1:b6:15:3f:e3:5d:3e:e0:da:fd:
         df:a1:72:71:00:7c:3e:ae:12:1c:8f:03:3e:74:c5:ce:c8:5a:
         fe:62:8b:eb:63:7a:38:62:8c:34:65:3d:ab:9f:02:ba:37:12:
         d4:9f:50:c5:d0:c5:40:bc:d1:d1:8b:8c:79:46:47:0e:53:ac:
         7c:7d:07:a8:46:0e:60:2e:79:cd:60:c6:7a:29:c6:94:a1:69:
         1c:77:f2:0f:0b:83:af:0a:48:51:2a:f1:47:0d:45:c4:92:f4:
         ce:f4:12:d1:c9:0c:5e:a7:ad:de:d3:50:f4:6d:72:72:3e:9a:
         08:83:76:39:19:d5:29:e2:e2:ca:a9:fe:7b:72:dc:21:3c:30:
         01:82:b3:c4:86:e7:a8:75:96:88:86:2d:52:48:17:8b:95:49:
         c4:71:c9:d7:5d:89:80:50:b0:07:54:86:9d:e5:ab:e8:96:65:
         51:3f:a5:b4:61:66:24:04:6e:ec:ca:d5:7a:39:b3:e0:fe:e4:
         81:e2:f1:c5:aa:d0:65:08:5e:09:d5:62:04:10:05:27:2f:26:
         f3:89:61:47:48:05:7b:d7:4a:73:f1:f9:0d:00:a9:37:ab:c6:
         81:f5:62:c3:34:93:ef:c1:24:3f:60:b5:ed:8a:35:48:cf:38:
         fd:e9:75:7a
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgICAaMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTIyRTMxMTAvBgNVBAUTKEI3OEU3RkUzQ0IyRDRCNUExRUI5MjhBNjkwQkM2NTc5
REY4ODFCRTkwHhcNMjYwNzEzMjM1NjM2WhcNMjcwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTU1N2IzNC0wMmQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0japbXunfTpzCtKB+l+qOCMhSfbCPujsrLSd6ewKKNVMgXPjlppvRu473oLV
+Bi2kBvL7ZacHuYxsjs5hKhZYGPZDWV3d/LfDsdo8O3QbxVowrpH31JJ1JtKf3Hr
h93rCQjQPDp56VF36hOOQ5Cx+vi+xIWXpr/3MnsD4zU7Im4MwNB0AGWhyONgGhpD
wGCFqOZp7grKuIsQI0lVWw+GDL6NcVDA5RktwL/jpIf4G7btmFG3k+7g26NHOcpa
op9Zb83QVU7NBk7H4vpKZHRUeFqslhA89dmmhBVdCWC7fVp28rGardcOpO0eOvQ4
c0T4w7pTsh4FoKLjRkhjDBO7KwIDAQABo4ICdDCCAnAwHQYDVR0OBBYEFNUmJLT6
Q/9SZbqY0AQIJm9yI7W9MB8GA1UdIwQYMBaAFLeOf+PLLUtaHrkoppC8ZXnfiBvp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMjJFMy83QUE4OTQzRTE3
MEMxMUVGOTRGMTdDMTRDNEY5QUUwMi90NDVfNDhzdFMxb2V1U2lta0x4bGVkLUlH
LWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3Q0NV80OHN0UzFvZXVTaW1rTHhsZWQtSUctay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTIyRTMvN0FBODk0M0UxNzBDMTFFRjk0RjE3QzE0QzRGOUFFMDIvNjBFNjNEMDQx
NzEwMTFFRkE3MzhFRTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBwEHAQH/BCQwIjAg
BAIAATAaAwQApkELAwQEpkEQMAwDBASmQbADBAWmQcAwDQYJKoZIhvcNAQELBQAD
ggEBAINaOa6RPuevsbYVP+NdPuDa/d+hcnEAfD6uEhyPAz50xc7IWv5ii+tjejhi
jDRlPaufAro3EtSfUMXQxUC80dGLjHlGRw5TrHx9B6hGDmAuec1gxnopxpShaRx3
8g8Lg68KSFEq8UcNRcSS9M70EtHJDF6nrd7TUPRtcnI+mgiDdjkZ1Sni4sqp/nty
3CE8MAGCs8SG56h1loiGLVJIF4uVScRxydddiYBQsAdUhp3lq+iWZVE/pbRhZiQE
buzK1Xo5s+D+5IHi8cWq0GUIXgnVYgQQBScvJvOJYUdIBXvXSnPx+Q0AqTerxoH1
YsM0k+/BJD9gte2KNUjPOP3pdXo=
-----END CERTIFICATE-----
Generated at Sat Jul 18 05:23:23 2026 by rpki-client